Discuss About The Critical Steps For Responding A Cyber Attack

Why Retaliation is Not the Best Solution

Discuss About The Critical Steps For Responding A Cyber Attack.

Cyber-attacks have become increasingly high as technology continues to grow. There is a need to effectively combat cybercrimes in the world over. Various technologies and software have come up in tackling the issues related to cyber-attacks. The processes and technologies designed to protect systems, networks and data are what make up cyber security. The attacks are aimed to cause harm by changing or destroying data. Therefore, cybersecurity is important because it helps not only organizations and companies but also individual people from the harm that may be caused by a cyber-attack. Some of the threats associated with cybersecurity include: ransomware, malware, civil engineering, phishing among others. Some of the technologies designed to effectively deal with cyber attacks include

In recent years, IT professionals in companies and organizations want laws to be made to allow them retaliate against cyber attacks rather than wait for the appropriate authorities to take action. They argue that it would minimize the number of times the company is attacked. (Hutchinson, 2013).

In my report, I argue that retaliation is not the best solution in combating cyber attacks. The “hack back” notion should be avoided. “The best defense is a strong offence”, this is a term used by most people but that’s not the reality when it comes to cyber attacks. In fact, the only defense in cyberspace is a strong defense. My report shows that there are better ways in combating cyber attacks rather than retaliation. It advocates for better defensive strategies to handle cyber attacks

The following is a discussion on why retaliation or hack back is a wring response to fighting cyber attacks.

By the use of retaliation or hack back, it nearly impossible to find the real culprit behind the attack. Great hackers usually mask their attacks and it becomes difficult to identify and to tell who it is and the main reason behind the attack. Therefore, the attacker will not be brought to justice and they may end up coming back to attack again. Therefore, in case of an attack the organization should let the appropriate authorities investigate and find the culprits behind the hacks. It is of great importance to bring the attackers to justice so that they may not repeat the same again.

By use of retaliation, the company or organization may find themselves breaking the law so as to get back at the attacker. Most hackers don’t value the law and so by doing that they break most laws when attacking a company. For an organization to hack the hacker they may also need to go around some laws so as to harm the attacker. This is morally and unlawful because it is not accepted to intentionally harm others in a cyber-attack. In the US the Computer Fraud and Abuse Act of 1986 (CFAA) has been interpreted broadly enough that unauthorized access to almost any computer is seen as illegal (Sullivan, 2016).

Disadvantages of Hacking Back

When some hackers notice that you want to hack them back, they get encouraged and determined to continue executing the hack. Some may even start using dangerous and harmful techniques. Also, a company or an organization may not realize that the attackers may have more resources than them and this may cause the company to fight a loosing battle. The attack could be more severe than the first attack before the counter attack.

Hacking back does not solve the problem. It doesn’t assure you that the threats to you company or organization have ended. After identifying the vulnerability in your systems or network, it is important to ensure that you handle the vulnerability to ensure that no one else hacks into the system.

Cyber wars may lead to unintended harm to the company’s asset. It may lead also to the damage of a third party. This may cause the third party to seek legal assistance which may be damaging to the company (Maybury, 2018). Also, as the cyber wars or retaliation happens unintentional spread of the malware to the internet may occur.  The effects felt may be unintentional but that’s what happens when a cyber weapon is used. The malware interacts with the already vulnerable Information system and the effects caused cannot be underestimated or overlooked.

Countries with limited or minimal government and legal restrictions are a good place for cyber attackers, terrorist groups and hacktivists to operations in. Example, when some Russian hacktivists decided to issue a DOS attack on the country of Estonia in 2007, Estonia requested for support and assistance from Moscow to track the attackers but Moscow refused to assist them hence their requests were denied. This is because the hacktivists had support from kremlin. (Jensen, 2012).

Had Estonia decided to retaliate against the hacktivist group, it risked the possibility of escalating the crisis further between the two nations. Another instance of a scenario like this involves a third-party country which is no allies or friend to the country that has been attacked. If the victim country retaliates against the third-party state it would be intruding on the sovereignty of the third country. Retaliation on the third-party state even if it’s a success, it would not have achieved anything or made an effect (Messmer, 2011). If we were to assume that extradition is unlikely to happen and the perpetrator is essentially shielded by the laws of the host country the attacker would not be deterred to act in the future. Tactical success (hacking back, destroying the computer, etc.) would not translate into strategic victory.

Ways to Mitigate Risks

The attacker may use the target country to issue their attack. The attack may be routed through various different hops and location before it reaches the intended target. Because the origin of the attack is not known, uncooperative governments failure of intelligence security services where the attack was routed to may interfere with the investigations. This is because they may delay release of important information. Because of the long period of time taken for the countries to reach an understanding or resolve the conflict, the likelihood of the attacker or hacktivist to relocate to another country to resume their operations is very high.

From the above discussion we can see that the disadvantages of hacking back are many and the damage that they can cause are huge (Wolff, 2017). The following are ways in which organizations can mitigate the risks that are associated with cyber attacks. Also, it proposes the best way to deal with cyber attacks and also help prevent them. “The best defense in cyberspace is a strong defense”.

This is a process that should be done regularly to identify the risks and vulnerabilities involved. Organizations should gather and evaluate potential risks in their organization. This helps them to become prepared if anything should happen. It also helps them be aware of the potential risk that their systems may have.

Trainings should be done regularly so as to ensure that employees are up to date with the latest technological trends and security information. These trainings should also include practical training of some of the security threats that an organization may face. E.g. phishing emails. This enables employees to become extra cautious and vigilant when handling information from the internet.

When organizations and companys keep up to date with the security threats surrounding cyber security, they ensure that they come up with the best ways to deal with them. There are some organizations that share information about cyber threats in real time. This information goes a long way in prioritizing security measures.

Organizations and companies should make it difficult for attackers to hack into their systems. This discourages most attackers because most of them look for targets that are easier to exploit the vulnerabilities. This is because of the sophistication that will be there in accessing the systems. This will also assist in attributing attackers who have that level of skill to hack into complex systems.

Organizations and companies should create a network that mirrors their network and systems which can be monitored by defenders who can in turn use these strategies to defend the organizations and company. Example, a fake water utility supervisory control and data acquisition system was created by a Trend Micro researcher. The researchers used the system to observe and monitor the movements of Chines agents known as “Comment Crew,” who had gained access to the “honeypot” via an infected MS Word document. (Saarinen, 2013.)

Tools to Help Detect and Mitigate Cyber Attacks

These include tools that are able to automatically identify and blacklist attackers by opening trigger ports on hosts. Other tools include softwares that are able to identify IP addresses which are real of an attacker even if they are using a proxy to hide themselves. Some also pinpoint the exact geographical position of the attacker. Finally, there are tools which detect an intrusion and the feed the attacker fake information. (Higgins, 2013).

Organizations and companies may use techniques that can mislead attackers. These techniques include implementing an OS that’s deletes the files e.g. rootkit for installation, when it notices that an attacker is downloading them. Also, the organizations can create websites which have data files and the websites can compile data randomly from the actual files (Snyder, White and Mann, 2015).  This causes confusion to the attackers because they see connections which actually don’t exist and this makes it really difficult for them to make the actual connections. File transfer utilities which pretend to crush or imitate the same way a compromised system would behave when it detects or identifies signatures that are commonly used by attackers. This is very useful in protecting the system.

Incase the breach has occurred here are some of the ways to deal with a breach so as to mitigate the risks

This involve all the experts in the organization that are tasked with handling a cyber attack. They will identify the threat, protect the data and also ensure that they minimize the effects or damage caused by the attack (Tripwire, 2015) this team must always be on standby to ensure the continuity of the business and securing the data that has not been affected by the attack.

By notifying the law enforcements it makes them start investigating the matter to find the people who are responsible for the attack. Also, law enforcement may know similar attacks that may have occurred and this makes it easier for them to piece together information so as to capture the culprits.

This is important because it can be used later as evidence when the attacker is apprehended. Also, it also makes the organization to know what part of their system or network has been affected and the possible effects that this may have in the operations of the business.

To ensure the data is protected and also minimizing the damage done by the attack, the systems should be secured effectively. Businesses make a mistake of removing the malware or taking the system offline. This makes the hackers know that they have been identified and therefore stop their activities hence making it difficult to capture or identify them. Some of the actions you can take include changing of passwords and the access control list.

After a machine has been attacked it is best that you leave it online but block it from accessing the internet. You can also isolate it in a VLAN or by use of a firewall so that it can’t communicate to the outside world. This method helps by preventing the machine from doing any damage to the company’s network and also it ensures that the business continues with its operations.

Each business and organizations must have a back up to ensure the continuity of a business. Data should be backed up regularly so as to ensure you capture everything. This ensures that you can restore everything back when an attack has occurred. You should use the backups when the business data becomes severely compromised or damaged.

Based on the above discussions there are some of the issues highlighted and recommendations made to resolve the issues. These recommendations help in preventing hacking back as this will not resolve the hacking problems. Some of the recommendations made for this concept are as listed below.

1. Funding should be put into coming up with security softwares and strategies to deal with cyber attacks
2. Appropriate laws should be put into place for organizations that want to retaliate against attackers. This should be done in a contained environment to prevent damages

• Organizations should have a department specifically to deal with cyber attacks.

1. There should be an organization where information can be shared between organizations about the recent cyber attacks and how to deal with them
2. Cyber laws should be very harsh to people who are found to engage themselves in cyber crimes. E.g. life imprisonment.

Conclusion

From the above discussions we can see that the best ways and method in fighting cyber-attacks. The use of retaliation and hacking back will lead to more damage than good. Retaliation cannot deal with most cyber-attacks that are out there. marketing, retaliation may cause cyberwars that may have catastrophic effect the cyber world. Therefore, it is essential for organizations and companies to continue increasing efforts in creating better defenses against cyber-attacks. The phrase “the best defense is a good offence” should be the last resort and not as a first choice. As for now, the only defense in cyberspace is a strong defense.

References

Altushost (2018). 4 Critical Steps for Responding to a Cyber Attack. [online] AltusHost. Available at: https://www.altushost.com/4-critical-steps-for-responding-to-a-cyber-attack [Accessed 22 May 2018].

Bradbury, D. (2015). Should we hack the hackers?. [online] the Guardian. Available at: https://www.theguardian.com/technology/2015/mar/09/cybercrime-should-we-hack-the-hackers [Accessed 22 May 2018].

Cobb, S. (2015). 5 reasons not to "hack back". [online] WeLiveSecurity. Available at: https://www.welivesecurity.com/2015/01/07/5-reasons-not-to-hack-back/ [Accessed 22 May 2018].

Eric Talbot Jensen, (2012) “Cyber Deterrence,” Emory International Law Journal, 26: 805.

Francis, R. (2017). How to respond to a cyber attack. [online] CSO Online. Available at: https://www.csoonline.com/article/3175635/cyber-attacks-espionage/how-to-respond-to-a-cyber-attack.html#slide11 [Accessed 22 May 2018].

HT (2014). Actions to Prevent Cyber Attacks and Minimize Damage. [online] Hospitality psychology. Available at: https://hospitalitytech.com/actions-prevent-cyber-attacks-and-minimize-damage [Accessed 22 May 2018].

Hutchinson, J. (2013). Companies should ‘hack back’ at cyber attackers: security experts. [online] Financial Review. Available at: https://www.afr.com/technology/enterprise-it/companies-should-hack-back-at-cyber-attackers-security-experts-20130527-j0rqm [Accessed 22 May 2018].

Hathaway, O. A., Crootof, R., Levitz, P., Nix, H., Nowlan, A., Perdue, W., & Spiegel, J. (2012). The law of cyber-attack. California Law Review, pg 817-885.

Juha Saarinen, ( 2013) “Chinese Hackers Take Over Fake Water Utility,” ITNews.

Kelly Jackson Higgins, (2013) “Free Active Defense Tools Emerge,” Dark Reading.

Maybury, R. (2018). How do I deal with cyber attacks?. [online] Telegraph.co.uk. Available at: https://www.telegraph.co.uk/technology/advice/10420248/How-do-I-deal-with-cyber-attacks.html [Accessed 22 May 2018].

Messmer, E. (2011). Is retaliation the answer to cyber attacks?. [online] Network World. Available at: https://www.networkworld.com/article/2199010/malware-cybercrime/is-retaliation-the-answer-to-cyber-attacks-.html [Accessed 22 May 2018].

Rossi, B. (2015). 6 critical steps for responding to a cyber attack. [online] Information Age. Available at: https://www.information-age.com/6-critical-steps-responding-cyber-attack-123459644/ [Accessed 22 May 2018].

Snyder, P., White, R. and Mann, S. (2015). Pros and Cons of Hacking Back | Crossroads Blog. [online] Blog.cybersecuritylaw.us. Available at: https://blog.cybersecuritylaw.us/2015/03/09/pros-and-cons-of-hacking-back [Accessed 22 May 2018].

Sullivan, P. (2016). Hacking back: A viable strategy or a major risk?. [online] SearchSecurity. Available at: https://searchsecurity.techtarget.com/tip/Hacking-back-A-viable-strategy-or-a-major-risk [Accessed 22 May 2018].

Tripwire, I. (2015). Should Companies Strike Back at Hackers?. [online] The State of Security. Available at: https://www.tripwire.com/state-of-security/security-data-protection/should-companies-strike-back-at-hackers/ [Accessed 22 May 2018].

Wolff, J. (2017). Oh Good, the Worst Idea in Cybersecurity Is Back Again. [online] Slate Magazine. Available at: https://www.slate.com/articles/technology/future_tense/2017/10/hacking_back_the_worst_idea_in_cybersecurity_rises_again.html [Accessed 22 May 2018].